py-json5: updated to 0.14.0
0.14.0 (2026-03-27) This is really just a dependency bump release.
No (non-test) code changes.
Upgraded to latest packages for dev dependencies
Silenced a couple of warnings from the latest pylint where it can't deal with both unreachable code and a bad return value.
tor: updated to 0.4.8.23
Changes in version 0.4.8.23 - 2026-03-25
This is a security release fixing major bugfixes that could possibly lead to
remote crashing relays. We strongly recommend upgrading as soon as possible.
o Major bugfix (security, conflux):
- Fix a memory compare using the wrong length. This could lead to a
remote crash when using the conflux subsystem. TROVE-2026-004.
Fixes bug 41232; bugfix on 0.4.8.1-alpha.
o Minor bugfixes (security):
- Fix a series of defense in depth security issues found across the
codebase. Fixes bug 41228; bugfix on 0.3.5.1-alpha.
o Minor features (fallbackdir):
- Regenerate fallback directories generated on March 25, 2026.
o Minor features (geoip data):
[2 lines not shown]
py-python-multipart: updated to 0.0.26
0.0.26 (2026-04-10)
* Skip preamble before the first multipart boundary more efficiently
* Silently discard epilogue data after the closing multipart boundary
libfido2: updated to 1.17.0
1.17.0 (2026-04-15)
** Added CTAP 2.3 support.
** Restrict webauthn.dll search paths; YSA-2026-01.
** Support application-managed PIN/UV Auth tokens.
** Support 64-byte hmac-secret salts when using windows://hello.
** Fixed a U2F transaction handling bug when a timeout had been set.
** Fixed a bug where stdin was closed on fido_nl_new failure.
** fido2-token: new -G -t mode to to retrieve a PPUAT.
** fido2-token: new -I -t mode for deciphering encrypted fields.
** fido2-cred -M: support the -t toggle argument
** Improved documentation and examples.
** Removed tools from SDK packaging on Windows.
** New API calls:
- fido_cbor_info_attfmts_len;
- fido_cbor_info_attfmts_ptr;
- fido_cbor_info_cfgcmds_len;
- fido_cbor_info_cfgcmds_ptr;
[27 lines not shown]
libgcrypt: updated to 1.12.2
Noteworthy changes in version 1.12.2 (2026-04-15)
* Bug fixes:
- Fix possible ECDH buffer overwrite with zeroes.
- Add a missing bounds check to the Dilithium context handling.
- Add point validation when using the new KEM interface.
* Other:
- Fix the dead-code of stronger_key_check for RSA.
adguardhome: updated to 0.107.74
0.107.74
Security
Frontend libraries has been updated to prevent the possibility of exploiting the vulnerability described in CVE-2026-40175.
Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in 1.26.2.
Changed
Configuration changes
Fixed
Incorrect forwarding of root domain requests when domain-specific upstreams are configured
The strict SNI check setting is not persisted when the TLS configuration is changed
Status reported by the launchd service implementation in cases of scheduled service restart.
Fixed clients block/unblock when moving clients between allowed and disallowed lists.
opencl-headers: updated to 2025.07.22
2025.07.22
Synchronize with OpenCL v3.0.19 specification release.
This release includes several changes that may affect backward compatibility:
Introduction of the CL_ENABLE_BETA_EXTENSIONS to guard beta features or extensions that can be modified with backward incompatible changes. Previously unguarded extensions are now guarded.
Introduction of anonymous unions in the struct _cl_icd_dispatch structure. This may cause warnings or errors during static initialization.
textproc/xan: update to 0.57.1
Fixes
Fixing xan sort --check -n & xan dedup --check -n printed report.
Fixing xan parallel cat -nS.
Fixing CSV parsing rare edge case panics.
Fixing commands relying on zero-copy CSV parsing for performance.
Performance
Improving performance of xan flatten, xan view, xan to & xan network.
Faster xan network -f nodelist in some cases.
